
Mozilla has issued an urgent security update for the Firefox web browser, addressing two vulnerabilities that can lead to memory corruption and potentially remote code execution. Although Mozilla's own advisory rates the overall impact as "High," both vulnerabilities carry a CVSS v3.1 base score of 9.8 (Critical), so they should be treated as critical risks to user systems.
The first vulnerability, tracked as CVE-2025-49709, is rooted in certain canvas operations that can corrupt memory. Because canvas operations are reachable from any web page's JavaScript, a malicious site could trigger the flaw to manipulate memory in unsafe ways, possibly leading to arbitrary code execution. "Certain canvas operations could have led to memory corruption," Mozilla stated in its advisory.
The second vulnerability, tracked as CVE-2025-49710, stems from an integer overflow in OrderedHashTable, a data structure used by Firefox's JavaScript engine. An attacker could reach this flaw through malicious JavaScript, resulting in memory-safety violations and possible exploitation via crafted web content. "An integer overflow was present in OrderedHashTable used by the JavaScript engine," Mozilla confirmed.
All Firefox users on versions prior to 139.0.4 should:
- Update immediately to version 139.0.4 via built-in browser update tools or Mozilla’s official download page.
- Enable automatic updates to reduce the risk of delayed patching.
- Consider deploying browser sandboxing and application control policies in enterprise environments.
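As an added example for the checklist above (not code from Mozilla or from the original article), the script below does two of the items in a form a fleet administrator can script: it parses the output of `firefox --version` and compares it component-by-component against the fixed release 139.0.4, and it writes a Firefox enterprise `policies.json` that prevents updates from being disabled and keeps automatic updating on. The `DisableAppUpdate` and `AppAutoUpdate` keys are real Firefox enterprise policy names; the `distribution` directory the file must live in varies by platform, so the target directory is a parameter here. ESR builds follow their own fix line and are deliberately reported as not evaluated rather than compared against 139.0.4 (an assumption of this script, not a statement from the advisory).

```shell
#!/bin/sh
# Added example, not Mozilla's code: check an installed Firefox against the
# fixed release named in the advisory and deploy an auto-update policy.

FIXED_VERSION="139.0.4"

# version_ge A B: exit 0 if dotted version A >= B, comparing each numeric
# component (so 139.0.10 > 139.0.4, which a plain string compare gets wrong).
version_ge() {
    a="$1."   # trailing dot so cut -s treats a bare "139" as a delimited field
    b="$2."
    i=1
    while :; do
        x=$(printf '%s' "$a" | cut -s -d. -f"$i")
        y=$(printf '%s' "$b" | cut -s -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then
            return 0          # every component compared equal
        fi
        x=${x:-0}             # missing component counts as 0 (139.0 == 139.0.0)
        y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
}

# firefox_status "Mozilla Firefox 139.0.3": prints one of
#   patched | UNPATCHED | esr-not-evaluated | unparseable
# and returns 0 only for a patched rapid-release build.
firefox_status() {
    ver=${1##* }              # last word of the `firefox --version` line
    case "$ver" in
        *esr)
            # Assumption: ESR has its own fixed versions; check its own MFSA.
            echo "esr-not-evaluated"; return 2 ;;
        [0-9]*) ;;
        *)
            echo "unparseable"; return 3 ;;
    esac
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched"
        return 0
    fi
    echo "UNPATCHED"
    return 1
}

# write_update_policy DIR: drop an enterprise policies.json into DIR (the
# Firefox "distribution" directory on the target platform) that forbids
# turning updates off and turns automatic updates on.
write_update_policy() {
    mkdir -p "$1"
    cat > "$1/policies.json" <<'EOF'
{
  "policies": {
    "DisableAppUpdate": false,
    "AppAutoUpdate": true
  }
}
EOF
}

# Usage: ./check_firefox.sh --check   (queries the locally installed Firefox)
if [ "${1:-}" = "--check" ]; then
    firefox_status "$(firefox --version 2>/dev/null)"
fi
```

Run with `--check` on a host to get a one-word verdict suitable for an inventory report; the non-zero return codes let a configuration-management tool treat `UNPATCHED` as a failed compliance check while leaving ESR hosts for a separate rule.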